package qshsoft.springsecurity.config

import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.config.annotation.web.builders.HttpSecurity
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder
import org.springframework.security.crypto.password.PasswordEncoder
import qshsoft.springsecurity.handle.MyAuthenticationFailureHandler
import qshsoft.springsecurity.handle.MyAuthenticationSuccessHandler

@Configuration
class SecurityConfig extends WebSecurityConfigurerAdapter{

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()
        .usernameParameter("username123")
        .passwordParameter("password123")
        .loginPage("/login.html")
        .loginProcessingUrl("/login")
        //成功跳转
//        .successForwardUrl("/toMain")
        .successHandler(new MyAuthenticationSuccessHandler("/main.html"))
        //失败跳转
//        .failureForwardUrl("/toError")
        .failureHandler(new MyAuthenticationFailureHandler("/error.html"))

        http.authorizeRequests()
        .antMatchers('/login.html').permitAll()
        .antMatchers('/error.html').permitAll()
        .anyRequest().authenticated()

        http.csrf().disable()
    }

    @Bean
    public PasswordEncoder getPw(){
        return new BCryptPasswordEncoder();
    }
}
